KQL Playground

Try Kusto Query Language in your browser, no sign-up required. Query real security datasets and sharpen your KQL skills.

Pick a Dataset

Choose from real security data formats used in production environments.

Write KQL

Use the Monaco editor with syntax highlighting, IntelliSense, and sample queries.

See Results

Queries run on Azure Data Explorer. Sort, export, and share your results.

Small Defender Data
Microsoft Defender XDR

In this dataset, I ran AtomicRedTeam to perform some attacks.

DeviceFileEvents, DeviceImageLoadEvents, DeviceInfo, DeviceNetworkEvents, DeviceNetworkInfo, DeviceProcessEvents

Ready for the Full Experience?

Our instructor-led courses provide guided labs, real-world scenarios, and hands-on exercises in a dedicated ADX environment.